DEF CON 26 DATA DUPLICATION VILLAGE — Mauro Caseres — Owning Gluster FS with GEVAUDAN

Gluster is a free scalable network filesystem. Using common off-the-shelf hardware, it allows the user to create large, distributed storage solution for media streaming, data analysis, and other data and bandwidth intensive tasks, thus providing a nice alternative to create a data replication pool easily. It was acquired by Red Hat in 2011, and merged into Red Hat Storage server in 2012, while still available in the open source world. Gluster itself doesn’t have a large vulnerabilities history, having only 6 vulnerabilities reported in the last 6 years (2 of them after being bought by Red Hat). In this talk, we’ll focus on the latter two, releasing GEVAUDAN, an exploit for newcomers to the gluster world to learn about it’s architecture and security, and the implicancies of proper access managament on replicated data systems. This is a talk for begginers from both fields: data replication schemas and exploits writing, so both fields will have a proper introductory section. A live demo will take place during the talk, and the public can actively participate.